
Software Open Access

Game of Threads: Enabling Asynchronous Poisoning Attacks

Jose Rodrigo Sanchez Vicarte; Benjamin Schreiber; Riccardo Paccagnella; Christopher W. Fletcher


DCAT Export

<?xml version='1.0' encoding='utf-8'?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:adms="http://www.w3.org/ns/adms#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dct="http://purl.org/dc/terms/" xmlns:dctype="http://purl.org/dc/dcmitype/" xmlns:dcat="http://www.w3.org/ns/dcat#" xmlns:duv="http://www.w3.org/ns/duv#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:frapo="http://purl.org/cerif/frapo/" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:gsp="http://www.opengis.net/ont/geosparql#" xmlns:locn="http://www.w3.org/ns/locn#" xmlns:org="http://www.w3.org/ns/org#" xmlns:owl="http://www.w3.org/2002/07/owl#" xmlns:prov="http://www.w3.org/ns/prov#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" xmlns:schema="http://schema.org/" xmlns:skos="http://www.w3.org/2004/02/skos/core#" xmlns:vcard="http://www.w3.org/2006/vcard/ns#" xmlns:wdrs="http://www.w3.org/2007/05/powder-s#">
  <rdf:Description rdf:about="https://doi.org/10.5281/zenodo.3598009">
    <rdf:type rdf:resource="http://www.w3.org/ns/dcat#Dataset"/>
    <dct:type rdf:resource="http://purl.org/dc/dcmitype/Software"/>
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://doi.org/10.5281/zenodo.3598009</dct:identifier>
    <foaf:page rdf:resource="https://doi.org/10.5281/zenodo.3598009"/>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Jose Rodrigo Sanchez Vicarte</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>University of Illinois, Urbana Champaign</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Benjamin Schreiber</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>University of Illinois, Urbana Champaign</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Riccardo Paccagnella</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>University of Illinois, Urbana Champaign</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Christopher W. Fletcher</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>University of Illinois, Urbana Champaign</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:title>Game of Threads: Enabling Asynchronous Poisoning Attacks</dct:title>
    <dct:publisher>
      <foaf:Agent>
        <foaf:name>Zenodo</foaf:name>
      </foaf:Agent>
    </dct:publisher>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#gYear">2020</dct:issued>
    <dcat:keyword>machine learning, poisoning attacks, SGX, adversarial machine learning</dcat:keyword>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#date">2020-01-05</dct:issued>
    <dct:language rdf:resource="http://publications.europa.eu/resource/authority/language/ENG"/>
    <owl:sameAs rdf:resource="https://zenodo.org/record/3598009"/>
    <adms:identifier>
      <adms:Identifier>
        <skos:notation rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://zenodo.org/record/3598009</skos:notation>
        <adms:schemeAgency>url</adms:schemeAgency>
      </adms:Identifier>
    </adms:identifier>
    <dct:isVersionOf rdf:resource="https://doi.org/10.5281/zenodo.3598008"/>
    <dct:description>&lt;p&gt;As machine learning models continue to grow in size and complexity, training is being forced to adopt asynchronicity to avoid scalability bottlenecks. In asynchronous training, many threads share and update the model in a racy fashion to avoid inter-thread synchronization. This paper studies the security implications of asynchronous training codes by introducing asynchronous poisoning attacks. Our attack influences training outcome&amp;mdash;e.g., degrades accuracy or biases the model towards an adversary-specified label&amp;mdash;purely by scheduling asynchronous training threads in a malicious fashion. Since thread scheduling is outside the protections of modern trusted execution environments (TEEs), e.g., Intel SGX, our attack bypasses these protections even when the training set can be verified as correct. To the best of our knowledge, this represents the first example where a class of applications loses integrity guarantees, despite being protected by enclave-based TEEs such as Intel SGX. We demonstrate both accuracy degradation and model biasing attacks on the CIFAR-10 image recognition task using LeNet-style and Resnet DNNs, attacking an asynchronous training implementation published by Pytorch. Our accuracy degradation attack is trivial to perform and can decrease model accuracy by 6-60% with a single malicious update. Our model biasing attack is capable of biasing the model towards an adversary-chosen label by up to 3.5&amp;times; the label&amp;rsquo;s normal prediction rate on a LeNet-style network and up to 2&amp;times; on ResNet-18.&lt;/p&gt;</dct:description>
    <dct:accessRights rdf:resource="http://publications.europa.eu/resource/authority/access-right/PUBLIC"/>
    <dct:accessRights>
      <dct:RightsStatement rdf:about="info:eu-repo/semantics/openAccess">
        <rdfs:label>Open Access</rdfs:label>
      </dct:RightsStatement>
    </dct:accessRights>
    <dcat:distribution>
      <dcat:Distribution>
        <dct:license rdf:resource="https://creativecommons.org/licenses/by/4.0/legalcode"/>
        <dcat:accessURL rdf:resource="https://doi.org/10.5281/zenodo.3598009"/>
      </dcat:Distribution>
    </dcat:distribution>
    <dcat:distribution>
      <dcat:Distribution>
        <dcat:accessURL rdf:resource="https://doi.org/10.5281/zenodo.3598009"/>
        <dcat:byteSize>61832172</dcat:byteSize>
        <dcat:downloadURL rdf:resource="https://zenodo.org/record/3598009/files/game_of_threads.tar.bz2"/>
        <dcat:mediaType>application/x-tar</dcat:mediaType>
      </dcat:Distribution>
    </dcat:distribution>
  </rdf:Description>
</rdf:RDF>